Update GKE kubelet scraping docs (#1682)

d01cdf96 · seph · Frederic Branczyk · b7a9751f · d01cdf96 · d01cdf96
Commit d01cdf96 authored 6 years ago by seph Committed by Frederic Branczyk 6 years ago
--- a/README.md
+++ b/README.md
@@ -362,6 +362,8 @@ Should the Prometheus `/targets` page show kubelet targets, but not able to succ
 As described in the [prerequisites](#prerequisites) section, in order to retrieve metrics from the kubelet token authentication and authorization must be enabled. Some Kubernetes setup tools do not enable this by default.
+If you are using Google's GKE product, see [docs/GKE-cadvisor-support.md].
 #### Authentication problem
 The Prometheus `/targets` page will show the kubelet job with the error `403 Unauthorized`, when token authentication is not enabled. Ensure, that the `--authentication-token-webhook=true` flag is enabled on all kubelet configurations.

--- a/docs/GKE-cadvisor-support.md
+++ b/docs/GKE-cadvisor-support.md
-# Kubelet / cAdvisor special configuration updates for GKE 
+# Kubelet / cAdvisor special configuration updates for GKE
-In order to allow Prometheus to access the endpoints provided by the kubelet/cAdvisor on GKE we have to downgrade the scheme to HTTP (from HTTPS).
+Prior to GKE 1.11, the kubelet does not support token
+authentication. Until it does, Prometheus must use HTTP (not HTTPS)
+for scraping.
+You can configure this behavior through kube-prometheus with:
+```
+local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') +
+    (import 'kube-prometheus/kube-prometheus-insecure-kubelet.libsonnet') +
+	{
+        _config+:: {
+		# ... config here
+		}
+    };
+```
+Or, you can patch and re-apply your existing manifests with:
 On linux:
@@ -10,9 +24,9 @@ sed -i -e 's/https/http/g' \
 contrib/kube-prometheus/manifests/prometheus/prometheus-k8s-service-monitor-kubelet.yaml
 ```
-On MacOs: 
+On MacOs:
-``` 
+```
 sed -i '' -e 's/https/http/g' \
 contrib/kube-prometheus/manifests/prometheus/prometheus-k8s-service-monitor-kubelet.yaml
 ```